On Mon, Feb 13, 2012 at 3:02 PM, Michael Ferjancic wrote:
> Hi guys,
>
> I have to admit that I am fairly new to this topic, and especially new to Erlang. Currently I am trying to play around with the various authentication handlers - the goal is to have a working "delegated authentication" on Facebook, Twitter and such.
>
> 1) As far as I understood, the OAuth implementation of CouchDB is just the opposite of what I need - you can use it to create tokens for couch users, but not to accept Twitter accessTokens/secrets and map them to a couch user.
> 2) I found exactly what I need in datacouch - authentication against Twitter with nodejs, and after that getting the plaintext password from a private couch and using it with the _session API to create a couch cookie.
> 3) I modified the sample a little bit and used everyauth to handle the delegated authentication. I map the user info I get from Facebook etc. against user profiles in a private db, which also contains the user passwords (unfortunately still in plaintext). Works perfectly, but.....
>
> Now I am trying to avoid storing the plaintext passwords. I heard about using proxy_authentification_handler, but it seems I am too stupid to use it. I made the (as far as I understood) correct entries in couch_httpd_auth
>
> [couch_httpd_auth]
> auth_cache_size = 50
> authentication_db = _users
> authentication_redirect = /_utils/session.html
> require_valid_user = false
> secret = xxxxxxxxxxxx
> timeout = 43200
> x_auth_roles = roles
> x_auth_token = token
> x_auth_username = uname
>
>
> and also in httpd
> [httpd]
> allow_jsonp = true
> authentication_handlers = {couch_httpd_auth, proxy_authentification_handler},{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
> bind_address = 127.0.0.1
> default_handler = {couch_httpd_db, handle_request}
> port = 5984
> secure_rewrites = false
> vhost_global_handlers = _utils, _uuids, _session, _oauth, _users
>
> When I now do a GET on http://localhost:5984/_utils/config.html?uname=user1&roles=user, that doesn't seem to lead to anything...
>
> Anybody ever got that thing running? Am I missing something? Or is there any chance to implement a custom authentication handler without coding Erlang?
>
> Thanks for your help
> Michael
>
I'm not super familiar with this code but AFAIK, the proxy auth module
is for accepting auth done by a proxy (as opposed to proxying auth to
an external service).
So for instance, nginx could auth requests to some LDAP server and
then CouchDB would trust nginx's auth passed forward. Theoretically if
you have your auth stuff working in front of couch you could do the
same thing but I'm not familiar enough to be much more help on that.
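
Added example, not part of either message and not CouchDB's own code: a Node.js sketch of what a trusted front end would send upstream after the delegated login has succeeded. It assumes CouchDB's proxy handler reads the user name, roles and token from request headers (not query parameters) named by x_auth_username, x_auth_roles and x_auth_token, and that the token is the hex HMAC-SHA1 of the user name keyed with couch_httpd_auth/secret; the function names and the secret used in testing are constructed.

```javascript
// Added example: proxy side of CouchDB proxy authentication (function names are hypothetical).
const crypto = require('crypto');

// Header names as configured in the question:
// x_auth_username = uname, x_auth_roles = roles, x_auth_token = token.
const HEADERS = { user: 'uname', roles: 'roles', token: 'token' };

// Assumption: token = hex(HMAC-SHA1(key = couch_httpd_auth/secret, data = user name)).
function proxyToken(secret, username) {
  return crypto.createHmac('sha1', secret).update(username, 'utf8').digest('hex');
}

// Build the headers for the upstream request to CouchDB.
// Any copy of the auth headers supplied by the client is dropped first, so a
// browser cannot assert its own identity or roles through the front end.
function upstreamHeaders(clientHeaders, secret, username, roles) {
  const reserved = new Set(Object.values(HEADERS));
  const out = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    if (!reserved.has(name.toLowerCase())) out[name] = value;
  }
  out[HEADERS.user] = username;
  out[HEADERS.roles] = roles.join(',');
  out[HEADERS.token] = proxyToken(secret, username);
  return out;
}

// Mirror of the receiving side's check, with a constant-time comparison.
function tokenMatches(secret, headers) {
  const expected = Buffer.from(proxyToken(secret, String(headers[HEADERS.user] || '')), 'utf8');
  const got = Buffer.from(String(headers[HEADERS.token] || ''), 'utf8');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}
```

Because CouchDB trusts whatever arrives in these headers, it must be reachable only through the front end, which the bind_address of 127.0.0.1 in the question's config already arranges when both run on the same host.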